# yamllint disable rule:hyphens rule:commas rule:indentation # ovnkube-master # daemonset version 3 # starts master daemons, each in a separate container # it is run on the master(s) kind: Deployment apiVersion: apps/v1 metadata: name: ovnkube-master # namespace set up by install namespace: ovn-kubernetes annotations: kubernetes.io/description: | This Deployment launches the ovn-kubernetes master networking components. spec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: name: ovnkube-master strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: labels: name: ovnkube-master component: network type: infra kubernetes.io/os: "linux" annotations: scheduler.alpha.kubernetes.io/critical-pod: '' spec: # Requires fairly broad permissions - ability to read all services and network functions as well # as all pods. serviceAccountName: ovn hostNetwork: true # required to be scheduled on a linux node with node-role.kubernetes.io/master label and # only one instance of ovnkube-master pod per node affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: node-role.kubernetes.io/master operator: In values: - "" - key: kubernetes.io/os operator: In values: - "linux" podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: name operator: In values: - ovnkube-master topologyKey: kubernetes.io/hostname containers: # ovn-northd - v3 - name: ovn-northd image: "iecedge/ovn-daemonset-ubuntu:2020-04-16" imagePullPolicy: "IfNotPresent" command: ["/root/ovnkube.sh", "run-ovn-northd"] securityContext: runAsUser: 0 capabilities: add: ["SYS_NICE"] terminationMessagePolicy: FallbackToLogsOnError volumeMounts: # Run directories where we need to be able to access sockets - mountPath: /var/run/dbus/ name: host-var-run-dbus readOnly: true - mountPath: /var/log/openvswitch/ name: host-var-log-ovs - mountPath: /var/log/ovn/ name: host-var-log-ovs - mountPath: /var/run/openvswitch/ name: host-var-run-ovs - mountPath: /var/run/ovn/ name: host-var-run-ovs - mountPath: /ovn-cert name: host-ovn-cert readOnly: true resources: requests: cpu: 100m memory: 300Mi env: - name: OVN_DAEMONSET_VERSION value: "3" - name: OVN_LOGLEVEL_NORTHD value: "-vconsole:info -vfile:info" - name: K8S_APISERVER valueFrom: configMapKeyRef: name: ovn-config key: k8s_apiserver - name: OVN_KUBERNETES_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: OVN_SSL_ENABLE value: "no" readinessProbe: exec: command: ["/usr/bin/ovn-kube-util", "readiness-probe", "-t", "ovn-northd"] initialDelaySeconds: 30 timeoutSeconds: 30 periodSeconds: 60 # end of container - name: nbctl-daemon image: "iecedge/ovn-daemonset-ubuntu:2020-04-16" imagePullPolicy: "IfNotPresent" command: ["/root/ovnkube.sh", "run-nbctld"] securityContext: runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/log/openvswitch/ name: host-var-log-ovs - mountPath: /var/log/ovn/ name: host-var-log-ovs - mountPath: /var/run/openvswitch/ name: host-var-run-ovs - mountPath: /var/run/ovn/ name: host-var-run-ovs - mountPath: /ovn-cert name: host-ovn-cert readOnly: true resources: requests: cpu: 100m memory: 300Mi env: - name: OVN_DAEMONSET_VERSION value: "3" - name: OVN_LOGLEVEL_NBCTLD value: "-vconsole:info" - name: K8S_APISERVER valueFrom: configMapKeyRef: name: ovn-config key: k8s_apiserver - name: OVN_SSL_ENABLE value: "no" readinessProbe: exec: command: ["/usr/bin/ovn-kube-util", "readiness-probe", "-t", "ovn-nbctld"] initialDelaySeconds: 30 timeoutSeconds: 30 periodSeconds: 60 # end of container - name: ovnkube-master image: "iecedge/ovn-daemonset-ubuntu:2020-04-16" imagePullPolicy: "IfNotPresent" command: ["/root/ovnkube.sh", "ovn-master"] securityContext: runAsUser: 0 terminationMessagePolicy: FallbackToLogsOnError volumeMounts: # Run directories where we need to be able to access sockets - mountPath: /var/run/dbus/ name: host-var-run-dbus readOnly: true - mountPath: /var/log/ovn-kubernetes/ name: host-var-log-ovnkube - mountPath: /var/run/openvswitch/ name: host-var-run-ovs - mountPath: /var/run/ovn/ name: host-var-run-ovs - mountPath: /ovn-cert name: host-ovn-cert readOnly: true resources: requests: cpu: 100m memory: 300Mi env: - name: OVN_DAEMONSET_VERSION value: "3" - name: OVNKUBE_LOGLEVEL value: "4" - name: OVN_NET_CIDR valueFrom: configMapKeyRef: name: ovn-config key: net_cidr - name: OVN_SVC_CIDR valueFrom: configMapKeyRef: name: ovn-config key: svc_cidr - name: K8S_APISERVER valueFrom: configMapKeyRef: name: ovn-config key: k8s_apiserver - name: K8S_NODE valueFrom: fieldRef: fieldPath: spec.nodeName - name: OVN_KUBERNETES_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: OVN_HYBRID_OVERLAY_ENABLE value: "" - name: OVN_HYBRID_OVERLAY_NET_CIDR value: "" - name: OVN_SSL_ENABLE value: "no" # end of container volumes: # TODO: Need to check why we need this? - name: host-var-run-dbus hostPath: path: /var/run/dbus - name: host-var-log-ovs hostPath: path: /var/log/openvswitch - name: host-var-log-ovnkube hostPath: path: /var/log/ovn-kubernetes - name: host-var-run-ovs hostPath: path: /var/run/openvswitch - name: host-ovn-cert hostPath: path: /etc/ovn type: DirectoryOrCreate tolerations: - operator: "Exists"